src/Security/Voter/InvoiceVoter.php line 13

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter;
  5. use App\Entity\Gauge\Invoice;
  6. use App\Entity\User;
  7. use App\Repository\Gauge\InvoiceRepository;
  8. use Doctrine\ORM\EntityManagerInterface;
  9. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  10. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  11. use Symfony\Component\Security\Core\Security;
  13. class InvoiceVoter extends Voter
  14. {
  15. const EDIT = 'edit';
  16. const DELETE = 'delete';
  18. /**
  19. * @var Security
  20. */
  21. private Security $security;
  22. /**
  23. * @var EntityManagerInterface
  24. */
  25. private EntityManagerInterface $entityManager;
  27. public function __construct(Security $security, EntityManagerInterface $entityManager)
  28. {
  29. $this->security = $security;
  30. $this->entityManager = $entityManager;
  31. }
  33. protected function supports(string $attribute, $subject): bool
  34. {
  35. // if the attribute isn't one we support, return false
  36. if (!in_array($attribute, [self::EDIT, self::DELETE], true)) {
  37. return false;
  38. }
  40. // only vote on `Invoice` objects
  41. if (!$subject instanceof Invoice) {
  42. return false;
  43. }
  45. return true;
  46. }
  48. protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
  49. {
  50. $loggedUser = $token->getUser();
  52. if (!$loggedUser instanceof User) {
  53. // the user must be logged in; if not, deny access
  54. return false;
  55. }
  57. /** @var Invoice $targetInvoice */
  58. $targetInvoice = $subject;
  60. switch ($attribute) {
  61. case self::EDIT:
  62. return $this->canEdit($targetInvoice);
  63. case self::DELETE:
  64. return $this->canDelete($targetInvoice);
  65. }
  67. throw new \LogicException('This code should not be reached!');
  68. }
  71. /**
  72. * @param Invoice $targetInvoice
  73. * @return bool
  74. */
  75. private function canEdit(Invoice $targetInvoice): bool
  76. {
  77. if (!$this->security->isGranted('view', $targetInvoice->getGauge())) {
  78. return false;
  79. }
  81. if ($this->security->isGranted('ROLE_CAN_EDIT_ALL_INVOICES')) {
  82. return true;
  83. }
  85. if ($this->isLast($targetInvoice) && $this->security->isGranted('ROLE_CAN_EDIT_LAST_INVOICES')) {
  86. return true;
  87. }
  89. return false;
  90. }
  92. /**
  93. * @param Invoice $targetInvoice
  94. * @return bool
  95. */
  96. private function canDelete(Invoice $targetInvoice): bool
  97. {
  98. if (!$this->security->isGranted('view', $targetInvoice->getGauge())) {
  99. return false;
  100. }
  102. if ($this->security->isGranted('ROLE_CAN_DELETE_ALL_INVOICES')) {
  103. return true;
  104. }
  106. if ($this->isLast($targetInvoice) && $this->security->isGranted('ROLE_CAN_DELETE_LAST_INVOICES')) {
  107. return true;
  108. }
  110. return false;
  111. }
  113. /**
  114. * @param Invoice $targetInvoice
  115. * @return bool
  116. */
  117. private function isLast(Invoice $targetInvoice): bool
  118. {
  119. /** @var InvoiceRepository $iRepository */
  120. $iRepository = $this->entityManager->getRepository(Invoice::class);
  121. $lastInv = $iRepository->getLastForGauge($targetInvoice->getGauge());
  123. if ($lastInv !== null && $lastInv->getId() === $targetInvoice->getId()) {
  124. return true;
  125. }
  127. return false;
  128. }
  129. }